incomplete testing of a new or modified program that failed to test the bypassed unreachable code;

obsolete code that a programmer forgot to delete;

unused code that a programmer decided not to delete because it was intermingled with functional code;

conditionally useful code that will never be reached, because current input data will never cause that code to be executed;

complex obsolete code that was intentionally retained but made unreachable so that it could be revived later if needed;

debugging constructs and vestigial development code which have yet to be removed from a program.

In the latter five cases, code which is currently unreachable is often there as part of a legacy, i.e. code that was once useful but is no longer used or required. However, the unreachable code may also be part of a complex component (library, module or routine), where the code continues to be useful in conjunction with different input data (never generated by the current application) or under conditions which are not met in the current runtime environment, thereby making the corresponding code unreachable, but which can occur in other runtime environments, for which the component has been developed.

An example of such a conditionally unreachable code may be the implementation of a printf() function in a compiler's runtime library, which contains complex code to process all possible string arguments, of which only a small subset is actually used in the program. Without recompiling the runtime library, compilers will typically not be able to remove the unused code sections at compile time.

The definition int iZ = iX*iY; is never reached as the function returns before the definition is reached. Therefore the definition of iZ can be discarded.

An example of real life code that contained a major security flaw due to unreachable code is Apple's SSL/TLS bug formally known as CVE-2014-1266 and informally known as the "goto fail bug"[2][3] from February 2014. The relevant code fragment [4] is listed below:

Here, there are two subsequent calls to goto fail. The second one is unconditional, and hence always skips the call to the final check. As a consequence, err will contain a successful value after the SHA1 update operation was successful, and the signature verification will never declare a failure, as the final check is omitted.[2]

Here, the unreachable code is the call to the final function, which should have been reached. There are several good coding practices that could have prevented this fault from occurring, such as code reviews, the proper use of indentation or curly braces, and test coverage analysis.[3] Applying the Clang compiler with the option -Weverything includes unreachable code analysis, which would trigger an alarm for this code.[3]

Detecting unreachable code is a form of static analysis and involves performing control flow analysis to find any code that will never be executed regardless of the values of variables and other conditions at run time. In some languages (e.g. Java[5] ) some forms of unreachable code are explicitly disallowed. The optimization that removes unreachable code is known as dead code elimination.

In practice the sophistication of the analysis performed has a significant impact on the amount of unreachable code that is detected. For example, constant folding and simple flow analysis shows that the statement xyz in the following code is unreachable:

intiN=2+1;if(iN==4){xyz}

However, a great deal more sophistication is needed to work out that the statement xyz is unreachable in the following code:

doubledX=sqrt(2);if(dX>5){xyz}

The unreachable code elimination technique is in the same class of optimizations as dead code elimination and redundant code elimination.

In some cases, a practical approach may be a combination of simple unreachability criteria and use of a profiler to handle the more complex cases. Profiling in general can not prove anything about the unreachability of a piece of code, but may be a good heuristic for finding potentially unreachable code. Once a suspect piece of code is found, other methods, such as a more powerful code analysis tool, or even analysis by hand, could be used to decide whether the code is truly unreachable.